Running Head: COMPARE & CONTRAST2IntroductionFor some government agencies it can be confusing for who is responsible for protectingthat organizations information.The answer can be surprising, not only are the employees anddepartments of a state government responsible for the protection of confidential information, thestate’s top executives are also responsible for the safekeeping for all of the state’s data.Toensure protection of the state’s sensitive information the executive branch needs to confirm thatan effective IT security policy is in place, reviewed, and updated on a regular basis.The top ofthe executive branch for state government is the governor, who should delegate the responsibilityto the state Chief Information Officer (CIO) that an appropriate IT security policy has beenauthored. The CIO may pass this obligation onto the state’s Chief Information Security Officerwho would have more knowledge of what information the state’s IT security policy shouldcontain.The state CIO and CISO roles has been evolving over the last several years where aclose partnership between the two roles is critical to be able to manage an effective cybersecurityprogram that protects state government assets and information. (Lohrmann, 2014)The mainpurpose of an information security policy is to provide a well-documented strategy on how toproperly protect and maintain the confidentiality, availability and integrity to the stategovernment’s networks and resources.The information security policy should highlight suchareas as risk assessments, user responsibilities, password policies, disaster recovery,administrative responsibilities, etc. (Bowden, 2003)It is essential every state maintains acomprehensive information security policy.A well-written security policy is critical in ensuringthe protection of confidential state data, no matter if a more populous state with more funding ora smaller state with less capital to invest into cybersecurity.Each state government’s informationsecurity policy should reflect the most beneficial way to utilize what cybersecurity resources are
